z/OS Security Server RACF Security Administrator's Guide


When you can specify generic profile names

SA23-2289-00

You can create a profile with a generic name when either of the following is true for the class of the profile:
  • The SETROPTS GENERIC(DATASET) option is in effect. Not only does this option allow the creation of generic profiles, it also causes RACF® to use generic profiles during authorization checking.
  • The SETROPTS GENCMD(DATASET) option is in effect. In this case, generic profiles can be created and modified, but RACF does not use them during authorization checking. This is intended for use when migrating from discrete profiles to generic profiles.

Some of the rules for generic characters are different between general resource and data set generic profiles. For more information, see Rules for generic profile names and z/OS Security Server RACF Command Language Reference.

The following rules apply to generic data set profile names:
  • Valid generic characters are *, %, and **:
    • Specify % in the profile name to match any single non-blank character (except a period) in the same position of the resource name.
    • Specify * or ** in the profile name to match more than one character in the same position of the resource name. For data set profile names, you can specify ** only if the SETROPTS EGN option is in effect. For a complete description, with examples, of how to specify * and **, see z/OS Security Server RACF Command Language Reference.
  • For profiles in the DATASET class, the high-level qualifier of the profile name can neither contain nor be a generic character. Here are some examples:
    ABC.EF*      Valid
    ABC.EF.**    Valid
    A%C.EFG      Invalid
    *.EFG        Invalid
    ABC*.XYZ     Invalid
    **.XYZ       Invalid
    Note: You might see data set names with the high-level qualifiers of &&TEMP and **SYSUT. These data sets are created internally by the IEHMOVE program and should not be used for any other reason.

    RACF enforces the rule that data set qualifiers can be no longer than eight characters. Therefore, in generic data set profiles, the generic characters * and ** cannot be used to match qualifiers that are longer than eight characters.
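
    The following Python check is an added example, not IBM code: it applies the rules stated above (no generic character in the high-level qualifier, ** only with SETROPTS EGN, qualifiers of at most eight characters) to candidate DATASET profile names, so that a list of planned profiles can be reviewed before they are defined. The function names and the egn parameter are assumptions made for the example, and it does not cover the full * and ** syntax described in the Command Language Reference.

```python
GENERIC_CHARS = ("*", "%")   # ** is two consecutive * characters
MAX_QUALIFIER_LEN = 8        # qualifier length limit stated on this page


def is_generic(name):
    """True if the profile name contains any generic character."""
    return any(c in name for c in GENERIC_CHARS)


def check_generic_dataset_profile(name, egn=False):
    """Return a list of rule violations for a DATASET profile name.

    An empty list means the name passes the rules on this page.
    egn models whether the SETROPTS EGN option is in effect.
    """
    problems = []
    qualifiers = name.split(".")

    # The high-level qualifier can neither contain nor be a generic character.
    if is_generic(qualifiers[0]):
        problems.append("high-level qualifier contains a generic character")

    # ** is allowed in data set profile names only when EGN is in effect.
    if "**" in name and not egn:
        problems.append("** used but SETROPTS EGN is not in effect")

    for q in qualifiers:
        if q == "":
            # General data set naming rule, not stated on this page.
            problems.append("empty qualifier")
        elif len(q) > MAX_QUALIFIER_LEN:
            problems.append(f"qualifier {q!r} is longer than 8 characters")
    return problems


# The six examples from this page, with the validity the page gives them.
PAGE_EXAMPLES = {
    "ABC.EF*": True, "ABC.EF.**": True, "A%C.EFG": False,
    "*.EFG": False, "ABC*.XYZ": False, "**.XYZ": False,
}

if __name__ == "__main__":
    for name, expected in PAGE_EXAMPLES.items():
        found = check_generic_dataset_profile(name, egn=True)
        verdict = "Valid" if not found else "Invalid: " + "; ".join(found)
        print(f"{name:<12} page says {'Valid' if expected else 'Invalid':<8} check says {verdict}")
```

    The page's examples are checked with egn=True because ABC.EF.** depends on the EGN option; with egn=False the same name is reported as a violation.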





Copyright IBM Corporation 1990, 2014